CLAIMS 



1 . (Previously Presented) A method for implementing protection 
switching for a virtual private network comprising the steps of 

establishing a working virtual private network path and a protection virtual 
private network path between a first edge node and a second edge node; and 

switching traffic from the working virtual private network path to the 
protection virtual private network path when detected traffic congestion in the working 
virtual private network path exceeds a predetermined threshold. 

2. (Original) The method of claim 1 further comprising: 
detecting failure of the working virtual private network path; and 
switching traffic from the working virtual private network path to the 

protection virtual private network path when failure of the working virtual private network 
path is detected. 

3. (Original) The method of claim 1 further comprising: 
detecting a return to proper functioning of the working virtual private 

network path; and 

switching traffic from the protection virtual private network path to the 
working virtual private network path when said return to proper functioning of the 
working virtual private network path is detected. 

4. (Original) The method of claim 1 further comprising: 
establishing a management channel in at least one of said working virtual 

private network paths; 

connecting said management channel between said first edge node and 
said second edge node; 

transmitting time stamps across said management channel; 
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transmitting network measurement parameters across said management 

channel; and 

analyzing said time stamps and said network management parameters to 
detect failures or congestion in said working virtual private network path. 

5. (Previously Presented) The method of claim 4, wherein said time 
stamps and said network management parameters are analyzed by an algorithm in said 
first edge node. 

6. (Previously Presented) The method of claim 4, wherein said time 
stamps and said network management parameters are analyzed by an algorithm in said 
second edge node. 

7. (Previously Presented) The method of claim 4, wherein said 
working virtual private network path has an overall capacity and said management 
channel has a utilization not exceeding approximately ten percent of said overall 
capacity. 

8. (Previously Presented) The method of claim 1 further comprising: 
sending time stamps across said working virtual private network path and 

said protection virtual private network path. 

9. (Previously Presented) The method of claim 8 further comprising: 
utilizing said time stamps for synchronizing data transmission across said 

working virtual private network path and said protection virtual private network path. 

10. (Original) The method of claim 8 further comprising: 

utilizing said time stamps to enable recovery of data lost on said working 
virtual private network path and said protection virtual private network path. 

1 1 . (Original) The method of claim 1 further comprising: 
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establishing quality of service parameters for said working virtual private 
network path and said protection virtual private network path; 

assigning the quality of service parameters to said working virtual private 
network path and said protection virtual private network path; and 

synchronizing said first edge node and said second edge node according 
to the quality of service parameters. 

12. (Previously Presented) An apparatus for protection switching of a 
virtual private network comprising: 

a working virtual private network path connected between a first edge 
node and a second edge node; 

a protection virtual private network path connected between the first edge 
node and the second edge node; 

a congestion detector; and 

a data switch, 

wherein when data is transmitted across the working virtual private 
network path, said congestion detector is configured to detect traffic congestion on said 
working virtual private network path and said data switch switches said data from said 
working virtual private network path to said protection virtual private network path when 
said traffic congestion exceeds a predetermined threshold. 

13. (Original) The apparatus of claim 12 further comprising a failure 
detector, wherein said failure detector detects failure of said working virtual private 
network path and said data switch switches said data from said working virtual private 
network path to said protection virtual private network path when said failure is detected 
by said failure detector. 

14. (Previously Presented) The apparatus of claim 12 further 

comprising: 

a nomnal operation detector; and 
a second data switch. 
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wherein when said normal operation detector detects a return to nonnal 
functioning of said working virtual private network path, said second data switch 
switches said data from said protection virtual private network path to said working 
virtual private network path. 

1 5. (Previously Presented) The apparatus of claim 12 further 

comprising: 

a management channel in at least one of said working virtual private 
network paths; 

a plurality of time stamps transmitted across said management channel; 

and 

a plurality of network measurement parameters transmitted across said 
management channel; 

wherein said time stamps and said network management parameters are 
analyzed to detect a failure or congestion in said working virtual private network path. 

16. (Original) The apparatus of claim 15, wherein said time stamps 
and said network management parameters are analyzed by an algorithm in said first 
edge node. 

17. (Original) The apparatus of claim 15, wherein said time stamps 
and said network management parameters are analyzed by an algorithm in said second 
edge node. 

18. (Previously Presented) The apparatus of claim 15 wherein said 
working virtual private network path has an overall capacity, and wherein the apparatus 
is configured to limit utilization of said management channel to an amount not 
exceeding approximately ten percent of said overall capacity. 
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19. (Previously Presented) The apparatus of claim 12 further 
comprising a plurality of time stamps sent across said working virtual private network 
path and said protection virtual private network path. 

20. (Previously Presented) The apparatus of claim 19, wherein said 
plurality of time stamps are configured to synchronize data transmitted across said 
working virtual private network path and said protection virtual private network path. 

21 . (Original) The apparatus of claim 19. wherein said plurality of time 
stamps enable recovery of data lost from said working virtual private network path and 
said protection virtual private network path. 

22. (Previously Presented) The apparatus of claim 12 further 
comprising a plurality of quality of service parameters assigned to said working virtual 
private network path and said protection virtual private network path. 

23. (Previously Presented) The apparatus of claim 22, wherein said 
first edge node and said second edge node are synchronized according to said plurality 
of quality of service parameters. 

24. (Previously Presented) An apparatus to implement switching 
between a working virtual private network path and a protection virtual private network 
path between in a virtual private network, comprising: 

a monitor module configured to monitor the working virtual private network 
path to monitor traffic flow thereon, the monitor module configured to cause a switch in 
traffic from the working virtual private network path to the protection virtual private 
network path in response to a detected event selected from a group of events 
comprising congestion in the working virtual private network path that exceeds a 
predetermined threshold and link failure in the working virtual private network path. 
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25. (Previously Presented) The apparatus of claim 24 wherein the 
monitor module is configured to continue to monitor the working virtual private network 
path, the monitor module configured to cause a switch in traffic from the protection 
virtual private network path to the working virtual private network path if the event 
selected from the group of events is congestion in the working virtual private network 
path and traffic flow in the working virtual private network path no longer exceeds the 
predetermined threshold. 

26. (Previously Presented) The apparatus of claim 24 wherein the 
monitor module is configured to continue to monitor the working virtual private network 
path, the monitor module configured operating to cause a switch in traffic from the 
protection virtual private network path to the working virtual private network path if the 
event selected from the group of events is link failure in the working virtual private 
network path and the monitor module detemnines that there is no longer a link failure in 
the working virtual private network path. 

27. (Previously Presented) The apparatus of claim 24 wherein the 
working virtual private network path and the protection virtual private network path are 
established between first and second router/switches, the monitor module being 
integrated into one of the first and second router/switches. 

28. (Previously Presented) The apparatus of claim 24 wherein the 
working virtual private network path and the protection virtual private network path are 
established between first and second router/switches, the monitor module operative 
independently from the first and second router/switches. 

29. (Previously Presented) A virtual private network, comprising: 
a router/switch configured for communication over a communication 

network, the router/switch being configured to establish a working virtual private network 
path and a protection virtual private network path over the communication network; and 
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a monitor module configured to monitor the working virtual private network 
path to monitor traffic flow thereon, the monitor module configured to cause the 
router/switch to switch traffic from the working virtual private network path to the 
protection virtual private network path in response to a detected event selected from a 
group of events comprising congestion in the working virtual private network path that 
exceeds a predetemnined threshold and link failure in the working virtual private network 
path. 

30. (Previously Presented) The apparatus of claim 29 wherein the 
monitor module is configured to continue to monitor the working virtual private network 
path, the monitor module configured to cause the router/switch to switch traffic from the 
protection virtual private network path to the working virtual private network path if the 
event that caused the router/switch to switch traffic from the working virtual private 
network path to the protection virtual private network path is no longer present. 

31 . (Previously Presented) The apparatus of claim 29 wherein the 
monitor module is integrated into the router/switch. 

32. (Previously Presented) The apparatus of claim 29 wherein the 
monitor module is configured to operate independently from the router/switch. 
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